Journal: International Journal of Computer Trends and Technology
Electronic ISSN: 2231-2803
Year of publication: 2019
Volume: 67
Issue: 4
Pages: 67-73
DOI: 10.14445/22312803/IJCTT-V67I4P115
Publisher: Seventh Sense Research Group
Abstract: Computer networks bring us not only the benefits, such as more computing power and better performance for a given price, but also some challenges and risks, especially in the field of system security. During the past two decades, significant effort has been put into network security research and several techniques have been developed for building secure networks. Packet filtering plays an important role in many security-related techniques, such as intrusion detection, access control and firewall. A packet-filtering system constitutes the first line of defense in a computer network environment. The key issues in the packet-filtering technique are efficiency and flexibility. The efficiency refers to the ability of a filter to quickly capture network packets of interest, while the flexibility means the filter can be customized easily for different packet patterns. In this paper, we present a real-time packet-filtering module, which can be integrated into a large-scale network intrusion detection system. The core of this packet-filtering module is a rule-based specification language ASL (Auditing Specification Language), which is used in describing the packet patterns and reactions for a network intrusion detection system. The important features of ASL that are not provided by other packet-filtering systems are protocol independence and type safety. ASL provides a number of new features that distinguish it from other languages used for intrusion detection and packet filtering, such as packet structure description and protocol constraint checking. We develop the algorithms and heuristics for constructing fast packet filter from ASL specifications. Our algorithms improve upon existing techniques in that the performance of the generated filters is insensitive to the number of rules. We discuss implementation of these algorithms and present experimental results
Keywords: Sensor Sniffing Tools; NF2 with METLAB filtering.